Ransomware attacks steal headlines, but accidental data breaches “remain major cause of loss”

Ransomware attacks continued to burgeon in the first half of 2017, showing a rise of 50% over the first half of 2016. Hacking and malware attacks (of which ransomware attacks form a growing part) continue to be the leading cause of breaches, accounting for 32% of all cyber episodes unearthed in a study conducted by Beazley.

However, the Beazley Breach Insights study also found that accidental breaches caused by employee error or data breached while controlled by third-party suppliers continue to be a major problem, accounting for 30% of breaches overall and only slightly behind the level of hacking and malware attacks. In the healthcare sector alone, these accidental breaches represent – and by a significant margin – the most common cause of loss at 42% of incidents.

This continuing high level of accidental data breaches suggests that organisations are still failing to put in place the robust measures needed to safeguard client data and confidentiality. Since 2014, the number of accidental breaches reported to Beazley’s team has shown no sign of diminishing. As more stringent regulatory environments become the norm, this failure to act places organisations at greater risk of regulatory sanctions and financial penalties.

Unintended disclosures caused 26% of breaches during the first half of 2017 in the higher education sector. While slightly down on the 28% recorded in 2016, this still represents a quarter of all breaches which could be mitigated through more effective controls and processes. Hacks and malware accounted for nearly half of higher education data breaches in the first six months of 2017 (43%), which is roughly even with the 45% of breaches caused by hacking in the same period in 2016. Of these, 41% were due to phishing.

Major concerns for business continuity professionals

It’s findings like these, and the disruptive impact that a cyber security incident can have on an organisation, that demonstrate precisely why cyber attacks and data breaches are such major concerns for business continuity and resilience professionals. The Business Continuity Institute’s latest Horizon Scan Report identified them as the top two threats to organisations, with 88% and 81% respectively of respondents to a global survey expressing concern about the prospect of such an event occurring.

Unintended disclosure, such as misdirected faxes and e-mails or the improper release of discharge papers, continued to drive the majority of healthcare losses, leading to 42% of industry breaches during the first half of 2017 (which is equal to the proportion of these breaches in the industry during 2016). Hacks and malware accounted for only 18% of healthcare data breaches in the first six months of 2017 compared to 17% last year.

At first glance, professional services firms appear to have greater internal controls in place, with unintended breaches accounting for 14% of all incidents. That’s well below the average for the period in question. However, the trend is tracking adversely, up from 9% in the first half of 2016. Firms in the sector were not immune to hacking and malware attacks, with such incidents accounting for 44% of breaches in the time period considered compared to 53% in the first six months of 2016.

Katherine Keefe, global head of BBR Services, said: “Unintended breaches account for one third of all data breach incidents reported to Beazley and show no signs of abating. They’re a persistent threat and expose organisations to greater risks of regulatory sanctions and financial penalties. However, they can be much more easily controlled and mitigated than external threats. We urge organisations not to ignore this significant risk and to put more robust systems and procedures in place.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute’s George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014.
